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Question: 1 


Which of the following parameters is used in the database on a slave server to direct clients that 
want to make changes to the OpenLDAP database to the master server? 


A. updatedn 
B. updateserver 
C. updateref 
D. updateuri 


Answer: C 


Question: 2 


It is found that changes made to an OpenLDAP directory are no longer being replicated to the slave 
server at 192.168.0.3. Tests prove that the slave server is listening on the correct port and changes 
are being recorded properly to the replication log file. In which file would you find the replication 
errors? 


A. replication.err 
B. replication.rej 
C. 192.168.0.3:389.rej 
D. 192.168.0.3:389.err 


Answer: C 


Question: 3 


FILL IN THE BLANKS 

In an OpenLDAP masters's slapd.conf configuration file, a replica configuration option is needed to 
enable a slave OpenLDAP server to replicate. What value is required in the following setting: 
bindmethod= if using passwords for master/slave authentication? (Only specify the 
missing value) 


Answer: simple 


Question: 4 


In the example below, what is the missing argument that is required to use secret as the password to 
authenticate the replication push with a slave directory server? 

replica uri=ldaps: //slave.example.com: 636 

binddn="cn=Replicator,dc=example,dc=com" 

bindmethod=simple =secret 


A. secure 
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B. master 
C. credentials 
D. password 


Answer: C 


Question: 5 


FILL IN THE BLANKS 

Below is an ACL entry from a slapd.conf file. Fill in the access control level setting to prevent users 
from retrieving passwords. 

access to attrs=ImPassword,ntPassword by dn="cn=smbadmin,dc=samplenet" write by * 


Answer: none 


Question: 6 


When configuring OpenLDAP to use certificates, which option should be used with the 
TLSVerifyClient directive to ask the client for a valid certificate in order to proceed normally? 


A. never 
B. allow 

C. try 

D. demand 


Answer: D 


Question: 7 


Which of the following procedures will test the TLS configuration of an OpenLDAP server? 


A. Run the Idapsearch command with the -ZZ option, while watching network traffic with a packet 
analyzer. 

B. Run the Idapsearch command with the -x option, while watching network traffic with a packet 
analyzer. 

C. Run the slapcat command, while watching network traffic with a packet analyzer. 

D. Verify the TLS negotiation process in the /var/log/Idap_auth.log file. 

E. Verify the TLS negotiation process in the /var/log/auth.log file. 


Answer: A 


Question: 8 


FILL IN THE BLANKS 
The command, included with OpenLDAP, will generate password hashes suitable for use in 
slapd.conf. (Enter the command with no options or parameters) 
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Answer: slappasswd 


Question: 9 


In slapd.conf, what keyword will instruct slapd to not ask the client for a certificate. 
TLSVerifyClient = 


A. never 

B. nocert 

C. none 

D. unverified 


Answer: A 


Question: 10 


OpenLDAP can be secured by which of these options? (Select THREE correct choices) 


A. TLS (Transport Layer Security) 

B. ACLs (Access Control Lists) 

C. HTTPS (Hypertext Transfer Protocol Secure) 
D. SSL (Secure Sockets Layer) 

E. OSI-L2 (OSI Layer 2 encryption) 


Answer: A,B,D 


Question: 11 


After modifying the indexes for a database in slapd.conf and running slapindex, the slapd daemon 
refuses to start when its init script is called. What is the most likely cause of this? 


A. The indexes are not compatible with the init script. 

B. The init script cannot be run after executing slapindex, without first signing the indexes with 
slapsign. 

C. The init script has identified one or more invalid indexes. 

D. The init script is starting slapd as an ordinary user, and the index files are owned by root. 


Answer: D 


Question: 12 


What does cachesize 1000000 represent in the slapd.conf file? 


A. The number of entries to be cached. 
B. The size of the cache in Bytes. 
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C. The size of the cache in Bits. 
D. The minimum cache size in Bytes. 
E. The maximum cache size in Bytes. 


Answer: A 
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